1--TEST--
2Bug #68976 Use After Free Vulnerability in unserialize()
3--FILE--
4<?php
5class evilClass {
6	public $name;
7	function __wakeup() {
8		unset($this->name);
9	}
10}
11
12$fakezval = pack(
13    'IIII',
14    0x00100000,
15    0x00000400,
16    0x00000000,
17    0x00000006
18);
19
20$data = unserialize('a:2:{i:0;O:9:"evilClass":1:{s:4:"name";a:2:{i:0;i:1;i:1;i:2;}}i:1;R:4;}');
21
22for($i = 0; $i < 5; $i++) {
23    $v[$i] = $fakezval.$i;
24}
25
26var_dump($data);
27?>
28===DONE===
29--EXPECT--
30array(2) {
31  [0]=>
32  object(evilClass)#1 (0) {
33  }
34  [1]=>
35  int(1)
36}
37===DONE===
38